Reference Guide
Page 3
... 2-1 Before Accessing the ACS CLI 2-1 Starting the CSACS-1121 2-2 Running Setup to Configure ACS 2-2 Accessing the ACS CLI 2-3 Supported Hardware and Software Platforms 2-4 Opening the CLI with Secure Shell 2-5 Opening the CLI Using a Local PC 2-5 Understanding Command Modes 2-6 EXEC Mode 2-6 ACS Configuration Mode 2-7 Configuration Mode 2-8 Configuration Submodes 2-8 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iii
... 2-1 Before Accessing the ACS CLI 2-1 Starting the CSACS-1121 2-2 Running Setup to Configure ACS 2-2 Accessing the ACS CLI 2-3 Supported Hardware and Software Platforms 2-4 Opening the CLI with Secure Shell 2-5 Opening the CLI Using a Local PC 2-5 Understanding Command Modes 2-6 EXEC Mode 2-6 ACS Configuration Mode 2-7 Configuration Mode 2-8 Configuration Submodes 2-8 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iii
Reference Guide
Page 4
... install A-23 application remove A-24 application reset-config A-25 application start A-26 application stop A-26 application upgrade A-27 backup A-28 backup-logs A-30 clock A-31 configure A-32 copy A-32 debug A-36 delete A-38 dir A-39 exit A-41 forceout A-41 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iv OL-18996-01
... install A-23 application remove A-24 application reset-config A-25 application start A-26 application stop A-26 application upgrade A-27 backup A-28 backup-logs A-30 clock A-31 configure A-32 copy A-32 debug A-36 delete A-38 dir A-39 exit A-41 forceout A-41 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iv OL-18996-01
Reference Guide
Page 6
...A-88 show timezones A-89 show udi A-90 show uptime A-91 show users A-92 show version A-92 ACS Configuration Commands A-93 access-setting accept-all A-93 debug-adclient A-94 debug-log A-95 decrypt-support-bundle A-98 ...105 replication force-sync A-107 reset-management-interface-certificate A-108 show debug-adclient A-109 show debug-log A-110 Configuration Commands A-112 backup-staging-url A-113 cdp holdtime A-114 cdp run A-114 cdp timer A-115 clock timezone A-...A-124 ip default-gateway A-125 ip domain-name A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 vi OL-18996-01
...A-88 show timezones A-89 show udi A-90 show uptime A-91 show users A-92 show version A-92 ACS Configuration Commands A-93 access-setting accept-all A-93 debug-adclient A-94 debug-log A-95 decrypt-support-bundle A-98 ...105 replication force-sync A-107 reset-management-interface-certificate A-108 show debug-adclient A-109 show debug-log A-110 Configuration Commands A-112 backup-staging-url A-113 cdp holdtime A-114 cdp run A-114 cdp timer A-115 clock timezone A-...A-124 ip default-gateway A-125 ip domain-name A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 vi OL-18996-01
Reference Guide
Page 9
...document for the Cisco Secure Access Control System 5.1 ix OL-18996-01 CLI Reference Guide for all-inclusive information about the ACS appliance. • Do not vary the command-line conventions (see Document Conventions, page x). Subsequent sections build on the CSACS-1121 appliance. however,...level summary of the instructions in Related Documentation, page xi. Preface This guide describes how you can configure and maintain Cisco Secure Access Control System (ACS) 5.1 by using the CLI in the Cisco Application Deployment Engine (ADE) OS 1.2 that, in Related Documentation, ...
...document for the Cisco Secure Access Control System 5.1 ix OL-18996-01 CLI Reference Guide for all-inclusive information about the ACS appliance. • Do not vary the command-line conventions (see Document Conventions, page x). Subsequent sections build on the CSACS-1121 appliance. however,...level summary of the instructions in Related Documentation, page xi. Preface This guide describes how you can configure and maintain Cisco Secure Access Control System (ACS) 5.1 by using the CLI in the Cisco Application Deployment Engine (ADE) OS 1.2 that, in Related Documentation, ...
Reference Guide
Page 13
...available in ACS, page 1-5 • CLI Audit, page 1-11 Accessing the ACS Command Environment You can configure and monitor ACS 5.1 through the web interface. You can access the ACS CLI through a secure shell (...Guide for the Cisco Secure Access Control System 5.1 1-1 The following machines: • Windows PC running Windows XP/Vista. • Apple Computer running Mac OS X 10.4 or later. • PC running the Cisco Application Deployment Engine (ADE) OS 1.2. 1 C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121...
...available in ACS, page 1-5 • CLI Audit, page 1-11 Accessing the ACS Command Environment You can configure and monitor ACS 5.1 through the web interface. You can access the ACS CLI through a secure shell (...Guide for the Cisco Secure Access Control System 5.1 1-1 The following machines: • Windows PC running Windows XP/Vista. • Apple Computer running Mac OS X 10.4 or later. • PC running the Cisco Application Deployment Engine (ADE) OS 1.2. 1 C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121...
Reference Guide
Page 14
... to configure the appliance. User Accounts and Modes in ACS Chapter 1 Overview of the ACS Command Line Interface When you power up the CSACS-1121 appliance for... Admin account. It is created. Table 1-1 lists the command privileges for the Cisco Secure Access Control System 5.1 1-2 OL-18996-01 Table 1-1 Command Privileges Command ...; CLI Reference Guide for each type of Command Modes in the Configuration mode (see Types of user account: Admin and Operator (user). To create more users (with admin ...
... to configure the appliance. User Accounts and Modes in ACS Chapter 1 Overview of the ACS Command Line Interface When you power up the CSACS-1121 appliance for... Admin account. It is created. Table 1-1 lists the command privileges for the Cisco Secure Access Control System 5.1 1-2 OL-18996-01 Table 1-1 Command Privileges Command ...; CLI Reference Guide for each type of Command Modes in the Configuration mode (see Types of user account: Admin and Operator (user). To create more users (with admin ...
Reference Guide
Page 16
Typically, logging in the Operator (user) mode or the Admin (EXEC) mode. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-4 OL-18996-01 User Accounts and Modes in ACS Chapter 1 Overview of the ACS Command Line Interface Table 1-1 Command Privileges (... show inventory show ip route show logging show logins show memory show ntp show ports show process show repository show restore show running-configuration show startup-configuration show tac show tech-support show terminal show timezone show timezones show udi show uptime show users show version snmp-server commands ssh ...
Typically, logging in the Operator (user) mode or the Admin (EXEC) mode. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-4 OL-18996-01 User Accounts and Modes in ACS Chapter 1 Overview of the ACS Command Line Interface Table 1-1 Command Privileges (... show inventory show ip route show logging show logins show memory show ntp show ports show process show repository show restore show running-configuration show startup-configuration show tac show tech-support show terminal show timezone show timezones show udi show uptime show users show version snmp-server commands ssh ...
Reference Guide
Page 17
...reset IP address filtering and management interface certificate, define debug logging and show and reload (for the Cisco Secure Access Control System 5.1 1-5 See Configuration Commands, page 1-10. EXEC or System-Level Commands Table 1-2 describes the EXEC mode commands. ...01 CLI Reference Guide for example, application installation, application start | stop , copy files and installations, restore backups, and display information). This mode requires an administrator user account to perform additional configuration tasks in and perform the ACS configuration-related commands. ...
...reset IP address filtering and management interface certificate, define debug logging and show and reload (for the Cisco Secure Access Control System 5.1 1-5 See Configuration Commands, page 1-10. EXEC or System-Level Commands Table 1-2 describes the EXEC mode commands. ...01 CLI Reference Guide for example, application installation, application start | stop , copy files and installations, restore backups, and display information). This mode requires an administrator user account to perform additional configuration tasks in and perform the ACS configuration-related commands. ...
Reference Guide
Page 18
...a specific application. application install Installs a specific application bundle. application reset-config Resets an ACS configuration to a remote system. configure Enters the Configuration mode. dir Lists the files in ACS Chapter 1 Overview of the ACS Command Line Interface ...the Cisco Secure Access Control System 5.1 1-6 OL-18996-01 acs reset-config Resets the ACS configuration to a remote system. restore Restores a previous backup. telnet Telnets to factory defaults. CLI Reference Guide for example, backup and restore, configuration, copy...
...a specific application. application install Installs a specific application bundle. application reset-config Resets an ACS configuration to a remote system. configure Enters the Configuration mode. dir Lists the files in ACS Chapter 1 Overview of the ACS Command Line Interface ...the Cisco Secure Access Control System 5.1 1-6 OL-18996-01 acs reset-config Resets the ACS configuration to a remote system. restore Restores a previous backup. telnet Telnets to factory defaults. CLI Reference Guide for example, backup and restore, configuration, copy...
Reference Guide
Page 19
... the interfaces configured on the system for example, backup and restore, configuration, copy, resource locking, file transfer, and user management. See Table 1-3 for example, show application version. for a summary of the current session. Displays statistics for the Cisco Secure Access ... backup. Displays information about the enabled Cisco Discovery Protocol (CDP) interfaces. Displays information about the installed application; Traces the route of the disks. Show Commands The show commands. OL-18996-01 CLI Reference Guide for all terminal sessions. Displays file...
... the interfaces configured on the system for example, backup and restore, configuration, copy, resource locking, file transfer, and user management. See Table 1-3 for example, show application version. for a summary of the current session. Displays statistics for the Cisco Secure Access ... backup. Displays information about the enabled Cisco Discovery Protocol (CDP) interfaces. Displays information about the installed application; Traces the route of the disks. Show Commands The show commands. OL-18996-01 CLI Reference Guide for all terminal sessions. Displays file...
Reference Guide
Page 20
... lists the ACS Configuration commands and provides a short description of each ACS configuration command. Displays system and configuration information that currently runs in ACS. Displays information about the CSACS-1121's Unique Device Identifier (UDI). Displays information about the terminal configuration parameter settings for... export processes. Displays the restore history in ACS. Displays the contents of the configuration file that you can provide to the User Guide for the Cisco Secure Access Control System 5.1. Types of Command Modes in ACS Chapter 1 Overview of...
... lists the ACS Configuration commands and provides a short description of each ACS configuration command. Displays system and configuration information that currently runs in ACS. Displays information about the CSACS-1121's Unique Device Identifier (UDI). Displays information about the terminal configuration parameter settings for... export processes. Displays the restore history in ACS. Displays the contents of the configuration file that you can provide to the User Guide for the Cisco Secure Access Control System 5.1. Types of Command Modes in ACS Chapter 1 Overview of...
Reference Guide
Page 21
...and tus export processes. Only the network-device admin can issue this command. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 import-export-sta Displays the status of an Active Directory client. Chapter 1 Overview of the ACS ...super admin or system admin can issue this command. OL-18996-01 CLI Reference Guide for Any user, irrespective of the ACS components. decrypt-support-b Decrypts an ACS support bundle that particular configuration data to an ACS local store. Only users who have Read permission to a ...
...and tus export processes. Only the network-device admin can issue this command. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 import-export-sta Displays the status of an Active Directory client. Chapter 1 Overview of the ACS ...super admin or system admin can issue this command. OL-18996-01 CLI Reference Guide for Any user, irrespective of the ACS components. decrypt-support-b Decrypts an ACS support bundle that particular configuration data to an ACS local store. Only users who have Read permission to a ...
Reference Guide
Page 22
...Description Required User Role Displays debug logging status for the Cisco Secure Access Control System 5.1 OL-18996-01 Configures an interface type and enters the interface configuration mode. Note This is an interface configuration command. Sets the time zone for the Ethernet interface...2-6. Sets the Domain Name System (DNS) servers for use during a DNS query. 1-10 CLI Reference Guide for an Active Directory client. Table 1-5 lists the configuration commands and provides a short description of role, can issue subsystems. this command. Executes an EXEC-level ...
...Description Required User Role Displays debug logging status for the Cisco Secure Access Control System 5.1 OL-18996-01 Configures an interface type and enters the interface configuration mode. Note This is an interface configuration command. Sets the time zone for the Ethernet interface...2-6. Sets the Domain Name System (DNS) servers for use during a DNS query. 1-10 CLI Reference Guide for an Active Directory client. Table 1-5 lists the configuration commands and provides a short description of role, can issue subsystems. this command. Executes an EXEC-level ...
Reference Guide
Page 23
... server Description Sets the system clock on Configuration mode and submode commands, see show acs-logs command. OL-18996-01 CLI Reference Guide for the system. Synchronizes the software clock through the NTP server for the Cisco Secure Access Control System 5.1 1-11 Enters... the repository submode. Sends SNMP traps to a remote system. Table 1-6 Configuration Mode Commands for the system. ...
... server Description Sets the system clock on Configuration mode and submode commands, see show acs-logs command. OL-18996-01 CLI Reference Guide for the system. Synchronizes the software clock through the NTP server for the Cisco Secure Access Control System 5.1 1-11 Enters... the repository submode. Sends SNMP traps to a remote system. Table 1-6 Configuration Mode Commands for the system. ...
Reference Guide
Page 24
... self-signed ace-certificate certificate. Gathers information for the Cisco Secure Access Control System 5.1 OL-18996-01 replication Synchronizes configuration information between the primary and secondary ACS. 1-12 CLI Reference Guide for ACS troubleshooting. Starts or stops an ACS process. Performs a backup of an ACS configuration. import-export-abort Aborts specific (or all IP...
... self-signed ace-certificate certificate. Gathers information for the Cisco Secure Access Control System 5.1 OL-18996-01 replication Synchronizes configuration information between the primary and secondary ACS. 1-12 CLI Reference Guide for ACS troubleshooting. Starts or stops an ACS process. Performs a backup of an ACS configuration. import-export-abort Aborts specific (or all IP...
Reference Guide
Page 25
... installation: Note These sections only provide an overview of the installation and configuration process for understanding and configuring the Cisco Secure ACS 5.1 from the CLI. For detailed information, see the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 2-1 Starting the CSACS-1121, page 2-2 2. 2 C H A P T E R Using the ACS Command Line Interface This chapter provides helpful tips...
... installation: Note These sections only provide an overview of the installation and configuration process for understanding and configuring the Cisco Secure ACS 5.1 from the CLI. For detailed information, see the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 2-1 Starting the CSACS-1121, page 2-2 2. 2 C H A P T E R Using the ACS Command Line Interface This chapter provides helpful tips...
Reference Guide
Page 26
... setup utility to the Gigabit Ethernet 0 connector (see the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 2-2 OL-18996-01 Running Setup to run the utility using the setup command, ensure that appears when the CSACS-1121 boots) only configures the Gigabit Ethernet 0 port. Before you have values for the following network...
... setup utility to the Gigabit Ethernet 0 connector (see the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 2-2 OL-18996-01 Running Setup to run the utility using the setup command, ensure that appears when the CSACS-1121 boots) only configures the Gigabit Ethernet 0 port. Before you have values for the following network...
Reference Guide
Page 27
...n Enter username[admin]: Enter password: Enter password again: Pinging the gateway... Appliance is configured Installing applications... Rebooting... To create these users, you must log in to the ACS CLI for the Cisco Secure Access Control System 5.1 2-3 Installing acs ... In this example, this Admin account ... DNS domain[]: example.com Enter Primary nameserver[]: 172.16.12.33 Add/Edit another nameserver? OL-18996-01 CLI Reference Guide for the first time. Pinging the primary nameserver... After you enter the required information, the appliance automatically reboots and the ...
...n Enter username[admin]: Enter password: Enter password again: Pinging the gateway... Appliance is configured Installing applications... Rebooting... To create these users, you must log in to the ACS CLI for the Cisco Secure Access Control System 5.1 2-3 Installing acs ... In this example, this Admin account ... DNS domain[]: example.com Enter Primary nameserver[]: 172.16.12.33 Add/Edit another nameserver? OL-18996-01 CLI Reference Guide for the first time. Pinging the primary nameserver... After you enter the required information, the appliance automatically reboots and the ...
Reference Guide
Page 28
... through an SSH client or the console port. CLI Reference Guide for more information). If currently in one of the cursor-control keys and automatically uses the optimal device characteristics (see EXEC Mode, page 2-6). To exit the CLI, use of the configuration modes and you can log in from the EXEC mode... Command Line Interface To log in to the EXEC mode, and then enter the exit command (see Supported Hardware and Software Platforms, page 2-4, for the Cisco Secure Access Control System 5.1 2-4 OL-18996-01
... through an SSH client or the console port. CLI Reference Guide for more information). If currently in one of the cursor-control keys and automatically uses the optimal device characteristics (see EXEC Mode, page 2-6). To exit the CLI, use of the configuration modes and you can log in from the EXEC mode... Command Line Interface To log in to the EXEC mode, and then enter the exit command (see Supported Hardware and Software Platforms, page 2-4, for the Cisco Secure Access Control System 5.1 2-4 OL-18996-01
Reference Guide
Page 29
...admin for the username, and 22 for the Cisco Secure Access Control System 5.1 2-5 You can connect a PC to the CSACS-1121 appliance's console port (see Figure 2-1) by using a Cisco switch on the Add Profile window. Opening the CLI Using a Local PC If you need to configure ACS locally (without connecting to a wired LAN... utility to accept an Admin (administrator) user, log in as Admin. Note If using a null-modem cable. OL-18996-01 CLI Reference Guide for the port number; Assuming that supports SSH v2. The Connect to connect. Click Close on the other side of the connection, set the...
...admin for the username, and 22 for the Cisco Secure Access Control System 5.1 2-5 You can connect a PC to the CSACS-1121 appliance's console port (see Figure 2-1) by using a Cisco switch on the Add Profile window. Opening the CLI Using a Local PC If you need to configure ACS locally (without connecting to a wired LAN... utility to accept an Admin (administrator) user, log in as Admin. Note If using a null-modem cable. OL-18996-01 CLI Reference Guide for the port number; Assuming that supports SSH v2. The Connect to connect. Click Close on the other side of the connection, set the...